General
-
Target
MOD-MENU-GRATIS-Y-ES_uDrJ1cgo.exe
-
Size
3.4MB
-
Sample
230317-v37rgahc83
-
MD5
7275593a81b792ba7f8b468785eb0b9c
-
SHA1
b1e10472dcdf930e2560c97fe38510e83e43d649
-
SHA256
048b8345ac7359cb900e1737b3fb51dc729717bf68136f2cf0c33d93b9582fb6
-
SHA512
eff17c4378cc3ce6fdc61be93bce93d6e27d11f25e4fc77e3b09b0f2cb9cdbfda3d4c2de8e3ca09ae501fcc9fc04dc2e5310e4c0bc427e79062dbac3a2631235
-
SSDEEP
98304:5FemAzzgQWl370kpkhcPlMLlaLKhwk6QfcVSvPYp:neH2d70vatMLluKhwCfcqPYp
Malware Config
Extracted
gcleaner
85.31.45.39
85.31.45.250
85.31.45.251
85.31.45.88
Targets
-
-
Target
MOD-MENU-GRATIS-Y-ES_uDrJ1cgo.exe
-
Size
3.4MB
-
MD5
7275593a81b792ba7f8b468785eb0b9c
-
SHA1
b1e10472dcdf930e2560c97fe38510e83e43d649
-
SHA256
048b8345ac7359cb900e1737b3fb51dc729717bf68136f2cf0c33d93b9582fb6
-
SHA512
eff17c4378cc3ce6fdc61be93bce93d6e27d11f25e4fc77e3b09b0f2cb9cdbfda3d4c2de8e3ca09ae501fcc9fc04dc2e5310e4c0bc427e79062dbac3a2631235
-
SSDEEP
98304:5FemAzzgQWl370kpkhcPlMLlaLKhwk6QfcVSvPYp:neH2d70vatMLluKhwCfcqPYp
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-